Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Threat actors leverage old email conversation threads to spread Emotet

Threat actors leverage old email conversation threads to spread Emotet

  • Threat actors revive old email conversation threads to inject a link to an Emotet-infected file.
  • The tactic has been previously used by a North Korean hacker group to target various individuals.

The operators of Emotet trojan have evolved their tactics to spread the malware. Lately, they have been observed reviving old email conversation threads to inject a link to an Emotet-infected file.

How does it work – Users involved in the previous email exchanges would receive an email that pretends to be from the previous correspondents. However, the email actually comes from Emotet servers.

The email conversation thread would be left intact but the Emotet gang would insert an URL at the top of the email that would link to an Emotet-infected file or a malicious document.

How old is the tactic – The tactic has been previously used by a North Korean-based hacking group to target various individuals across the world. In 2017, Palo Alto Networks Unit 42 researchers had noted that the threat actors had leveraged the tactic to compromise multiple email accounts tied to a legitimate domain in North East Asia.

How long the Emotet gang is using the tactic – The Emotet gang has taken this new approach in October last year. This enabled the group to launch a mass-harvesting campaign.

According to a report from Cofense, the gang has been actively using the tactic from April 9, 2019, thus calling it as a ‘Major evolution in the way Emotet works’.

This new Emotet email thread spam isn’t limited to English emails. The operators are also leveraging English and German email threads to launch attacks.

“The injected reply is usually prefaced with ‘Attached is your confidential docs. These templates are pretty limited in run and not very numerous compared to the ‘normal’ [Emotet] malspam,” said Cryptolaemus Group researcher Joseph Roosen, ZDNet reported.

Which other malware has used the tactic – The creators of URSnif trojan used a similar tactic in March and October 2018. They created the email threads from scratch, instead of reviving the threads, to spread the malware.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

Juniper Firewall
Cisco Firewall
Checkpoint Firewall
paloalto Firewall
Fortinet Firewall
Forcepoint Firewall

 

Sophos Firewall
WatchGuard Firewall
Barracuda Firewall
Sonicwall Firewall
GajShield Firewall
Seqrite Firewall

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket

Firewall Firm is a Managed Firewall Security Solution Provider Company in India | Digital Marketing by SEO Company India | Powered by IT Monteur